PT-2007-6674 · Tikiwiki · Tikiwiki

Published

2007-10-26

Updated

2012-10-24

CVE-2007-5683

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions TikiWiki versions 1.9.8.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the username parameter to the "tiki-remind password.php" page, IMG tags in wiki pages, and the local php parameter to "db/tiki-db.php".

Recommendations For TikiWiki versions 1.9.8.1 and earlier, consider disabling the password reminder feature and restricting the use of IMG tags in wiki pages until a fix is available. Avoid using the local php parameter in "db/tiki-db.php" to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2007-5683

Affected Products

Tikiwiki

PT-2007-6674 · Tikiwiki · Tikiwiki

CVE-2007-5683

Weakness Enumeration

Related Identifiers

Affected Products

References · 3